ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Colormind

v1.1.1

Generate color palettes and get color suggestions via the Colormind.io API (list models, generate palettes with optional locked colors).

0· 716·0 current·1 all-time
by@boilerrat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (generate palettes via Colormind) match the included scripts and runtime instructions. Required binaries (node, python3, ImageMagick 'convert') are legitimately needed by the included files. No unexpected credentials, config paths, or unrelated binaries are requested.
Instruction Scope
SKILL.md and scripts limit actions to: reading a provided image path, running ImageMagick to sample colors, parsing results, and POST/GET to colormind.io. The README explicitly warns that image-derived color data is sent externally and that the API uses HTTP. The scripts use temp files and trap-based cleanup; they do not read other system files or environment secrets.
Install Mechanism
This is instruction-only from the registry perspective (no installer that downloads external archives). All executable code is included in the skill bundle, so nothing is fetched or extracted at install time. Risk from the install mechanism is minimal.
Credentials
The skill requests no environment variables or credentials. The lack of secrets is proportionate to its functionality. The only notable external access is network calls to colormind.io (documented and expected).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no persistent agents or autorun hooks. It runs only when invoked and does not store credentials or alter system-wide settings.
Assessment
This skill appears to do exactly what it claims: sample image colors and call colormind.io to generate palettes. Before installing, consider these privacy and safety points: (1) all API calls use plain HTTP (unencrypted) — network observers can see the RGB values you send, so do not use with sensitive or proprietary images/colors; (2) image processing uses ImageMagick ('convert') — use a recent patched ImageMagick and consider running in a sandbox for untrusted images; (3) the skill does not request any credentials, but it does make outbound network requests to colormind.io; if you need encrypted transport or tighter control, host a Colormind-compatible API behind HTTPS or use a local palette-generation library. If you plan to run this in an automated agent, add explicit user consent before processing images and restrict allowed image sources/directories.

Like a lobster shell, security has layers — review code before you run it.

colorsvk97146yk9vnyvhhp3z6rghp8tn81fj43designvk97146yk9vnyvhhp3z6rghp8tn81fj43latestvk97146yk9vnyvhhp3z6rghp8tn81fj43utilitiesvk97146yk9vnyvhhp3z6rghp8tn81fj43

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis
Binsnode, python3, convert

Comments